enable ah & esp by default, now that we trust the code more

2 files changed, 7 insertions, 6 deletions

diff --git a/etc/sysctl.conf b/etc/sysctl.conf
index 444fd703a5d..c7639c3b490 100644
--- a/etc/sysctl.conf
+++ b/etc/sysctl.conf
@@ -1,4 +1,4 @@
-#	$OpenBSD: sysctl.conf,v 1.23 2001/06/27 03:20:20 angelos Exp $
+#	$OpenBSD: sysctl.conf,v 1.24 2001/08/07 14:07:47 deraadt Exp $
 #
 # This file contains a list of sysctl options the user wants set at
 # boot time.  See sysctl(3) and sysctl(8) for more information on
@@ -8,8 +8,9 @@
 #net.inet6.ip6.forwarding=1	# 1=Permit forwarding (routing) of packets
 #net.inet6.ip6.accept_rtadv=1	# 1=Permit IPv6 autoconf (forwarding must be 0)
 #net.inet.tcp.rfc1323=0		# 0=disable TCP RFC1323 extensions (for if tcp is slow)
-#net.inet.esp.enable=1		# 1=Enable the ESP IPsec protocol
-#net.inet.ah.enable=1		# 1=Enable the AH IPsec protocol
+#net.inet.esp.enable=0		# 0=Disable the ESP IPsec protocol
+#net.inet.ah.enable=0		# 0=Disable the AH IPsec protocol
+#net.inet.ipcomp.enable=1	# 1=Enable the IPCOMP protocol
 #ddb.panic=0			# 0=Do not drop into ddb on a kernel panic
 #ddb.console=1			# 1=Permit entry of ddb from the console
 #fs.posix.setuid=0		# 0=Traditional BSD chown() semantics
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c
index 17b8e0cec25..7216c4081eb 100644
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ipsec_input.c,v 1.50 2001/07/06 19:35:38 jjbg Exp $	*/
+/*	$OpenBSD: ipsec_input.c,v 1.51 2001/08/07 14:07:47 deraadt Exp $	*/
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -84,8 +84,8 @@ void *ipsec_common_ctlinput(int, struct sockaddr *, void *, int);
 #endif
 
 /* sysctl variables */
-int esp_enable = 0;
-int ah_enable = 0;
+int esp_enable = 1;
+int ah_enable = 1;
 int ipcomp_enable = 0;
 
 #ifdef INET6